CVE-2010-1617

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	1.8.1 (including)	1.8.1 (including)
Moodle	Moodle	1.8.2 (including)	1.8.2 (including)
Moodle	Moodle	1.8.3 (including)	1.8.3 (including)
Moodle	Moodle	1.8.4 (including)	1.8.4 (including)
Moodle	Moodle	1.8.5 (including)	1.8.5 (including)
Moodle	Moodle	1.8.6 (including)	1.8.6 (including)
Moodle	Moodle	1.8.7 (including)	1.8.7 (including)
Moodle	Moodle	1.8.8 (including)	1.8.8 (including)
Moodle	Moodle	1.8.9 (including)	1.8.9 (including)
Moodle	Moodle	1.8.10 (including)	1.8.10 (including)
Moodle	Moodle	1.8.11 (including)	1.8.11 (including)
Moodle	Moodle	1.9.1 (including)	1.9.1 (including)
Moodle	Moodle	1.9.2 (including)	1.9.2 (including)
Moodle	Moodle	1.9.3 (including)	1.9.3 (including)
Moodle	Moodle	1.9.4 (including)	1.9.4 (including)
Moodle	Moodle	1.9.5 (including)	1.9.5 (including)
Moodle	Moodle	1.9.6 (including)	1.9.6 (including)
Moodle	Moodle	1.9.7 (including)	1.9.7 (including)
Moodle	Ubuntu	dapper	*
Moodle	Ubuntu	hardy	*
Moodle	Ubuntu	jaunty	*
Moodle	Ubuntu	karmic	*
Moodle	Ubuntu	lucid	*
Moodle	Ubuntu	maverick	*
Moodle	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1617
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References